From aec0128f365fcbc5cd5013a9441b833f9711e818 Mon Sep 17 00:00:00 2001 From: Olivier Lamy Date: Mon, 24 May 2021 15:49:58 +1000 Subject: [PATCH] Update VERSION.TXT jetty-10.0.x (#6314) * Updating VERSION.TXT * add jetty-9.4.41.v20210516 in VERSION.TXT Signed-off-by: olivier lamy --- VERSION.txt | 78 +++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 67 insertions(+), 11 deletions(-) diff --git a/VERSION.txt b/VERSION.txt index 9a808978213..f8e1d1a701b 100644 --- a/VERSION.txt +++ b/VERSION.txt 
@@ -1,4 +1,43 @@ -jetty-10.0.3-SNAPSHOT +jetty-10.0.4-SNAPSHOT + +jetty-10.0.3 - 20 May 2021 + + 3764 DeprecationWarning Decorator + + 5306 Default jetty.*.acceptors should be 1 + + 5684 Review disabled tests + + 5798 jetty-runner startup error with jetty-10 + + 5817 Provide more filtering for CustomRequestLog + + 6049 Default provider [files] section always executed + + 6084 GzipHandler: NPE in setDeflaterPoolCapacity and setInflaterPoolCapacity + + 6098 jetty-cdi is missing from jetty-bom + + 6099 Cipher preference may break SNI if certificates have different key + types + + 6105 HttpConnection.getBytesIn() incorrect for requests with chunked content + + + 6106 WebSocket/CDI integration is broken in Jetty 10 + + 6132 Ambiguous segment in URI in DELETE + /a/projects/foo/branches/refs%2Fheads%2Ftest request after upgrade from + 10.0.0 to 10.0.2 + + 6153 jetty-maven-plugin does not correctly pass JVM arguments for external + deployMode + + 6159 Jetty with Conscrypt unable to handle any HTTPS requests when connected + by IP rather than hostname. 
+ + 6166 WebSocket MessageInputStream.read() spends a lot of time in + ByteBuffer.compact() + + 6205 OpenIdAuthenticator may use incorrect redirect + + 6207 Make ALPN optional in HTTP2Client over TLS + + 6208 HTTP/2 max local stream count exceeded + + 6224 make jetty-jspc-maven-plugin @threadSafe + + 6227 Better resolve race between `AsyncListener.onTimeout` and + `AsyncContext.dispatch` + + 6238 jetty-keystore Invalid manifest header Bundle-SymbolicName: "" + + 6250 Lazily allocate HTTP2Stream data queue + + 6251 Use CyclicTimeout for HTTP2Streams + + 6254 Total timeout not enforced for queued requests + + 6263 Review URI encoding in ConcatServlet & WelcomeFilter + + 6272 Reduce allocation in HttpClient when notifying content listeners + + 6277 Better handle exceptions thrown from session destroy listener + + 6280 Copy ServletHolder class/instance properly during startWebapp + + 6287 Class loading broken for WebSocketClient used inside webapp jetty-10.0.2 - 26 March 2021 + 4275 Path Normalization/Traversal - Context Matching 
@@ -16,24 +55,26 @@ jetty-10.0.2 - 26 March 2021 directory. + 6011 OSGi Cannot start Jetty with osgi.boot - Configurations add wrong method taken - + 6020 Review Jetty Maven Plugin scanning defaults + + 6020 Review Jetty Maven Plugin scanning defaults + 6021 Standardize Path resolution in XmlConfiguration + 6024 Error starting jetty-10: Provider org.eclipse.jetty.websocket.javax.client.JavaxWebSocketShutdownContainer not found - + 6026 the jvm DEBUG flag is not working org.eclipse.jetty.LEVEL=DEBUG + + 6026 the jvm DEBUG flag is not working org.eclipse.jetty.LEVEL=DEBUG + 6034 SslContextFactory may select a wildcard certificate during SNI selection when a more specific SSL certificate is present - + 6037 Review logging modules for j.u.l. + + 6037 Review logging modules for j.u.l + 6050 Websocket: NotUtf8Exception after upgrade 9.4.35 -> 9.4.36 or newer + 6063 Allow override of hazelcast version when using module - + 6072 jetty server high CPU when client send data length > 17408 - Resolves CVE-2021-28165 - + 6076 Embedded Jetty throws null pointer exception + + 6072 jetty server high CPU when client send data length > 17408 - Resolves + CVE-2021-28165 + + 6076 Embedded Jetty throws null pointer exception + 6082 SslConnection compacting + 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies" Message + 6101 Normalize ambiguous URIs - Resolves CVE-2021-28164 - + 6102 Exclude webapps directory from deployment scan - Resolves CVE-2021-28163 + + 6102 Exclude webapps directory from deployment scan - Resolves + CVE-2021-28163 jetty-10.0.1 - 19 February 2021 + 1673 jetty-demo/etc/keystore should not be distributed 
@@ -133,6 +174,19 @@ jetty-10.0.0.beta3 - 21 October 2020 + 5475 Update to spifly 1.3.2 and asm 9 + 5480 NPE from WebInfConfiguration.deconfigure during WebAppContext shutdown +jetty-9.4.41.v20210516 - 16 May 2021 + + 6099 Cipher preference may break SNI if certificates have different key + types + + 6186 Add Null Protection on Log / Logger + + 6205 OpenIdAuthenticator may use incorrect redirect + + 6208 HTTP/2 max local stream count exceeded + + 6227 Better resolve race between `AsyncListener.onTimeout` and + `AsyncContext.dispatch` + + 6254 Total timeout not enforced for queued requests + + 6263 Review URI encoding in ConcatServlet & WelcomeFilter + + 6277 Better handle exceptions thrown from session destroy listener + + 6280 Copy ServletHolder class/instance properly during startWebapp + jetty-9.4.39.v20210325 - 25 March 2021 + 6034 SslContextFactory may select a wildcard certificate during SNI selection when a more specific SSL certificate is present @@ -140,11 +194,13 @@ jetty-9.4.39.v20210325 - 25 March 2021 + 6052 Cleanup TypeUtil and ModuleLocation to allow jetty-client/hybrid to work on Android + 6063 Allow override of hazelcast version when using module - + 6072 jetty server high CPU when client send data length > 17408 - Resolves CVE-2021-28165 + + 6072 jetty server high CPU when client send data length > 17408 - Resolves + CVE-2021-28165 + 6085 Jetty keeps Sessions in use after "Duplicate valid session cookies" Message + 6101 Normalize ambiguous URIs - Resolves CVE-2021-28164 - + 6102 Exclude webapps directory from deployment scan - Resolves CVE-2021-28163 + + 6102 Exclude webapps directory from deployment scan - Resolves + CVE-2021-28163 jetty-9.4.38.v20210224 - 24 February 2021 + 4275 Path Normalization/Traversal - Context Matching 
@@ -172,8 +228,8 @@ jetty-9.4.37.v20210219 - 19 February 2021 + 5979 Configurable gzip Etag extension jetty-9.4.36.v20210114 - 14 January 2021 - + 5310 Jetty Http2 client discards the response frames when there is GOAWAY and - sends RST_STREAM + + 5310 Jetty Http2 client discards the response frames when there is GOAWAY + and sends RST_STREAM + 5499 Improve temporary buffer usage for WebSocket PerMessageDeflate + 5633 Allow to configure HttpClient request authority + 5689 Jetty ssl keystorePath doesn't work with absolute path
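Review bot: in the first hunk (@@ -1,4 +1,43 @@), none of the new jetty-10.0.3 entries carries a "Resolves CVE-..." suffix, although the 10.0.2 section further down marks 6072, 6101 and 6102 that way. If any 10.0.3 fix has an advisory assigned (6205 "OpenIdAuthenticator may use incorrect redirect" and 6263 "Review URI encoding in ConcatServlet & WelcomeFilter" are the ones to check), add the suffix to that entry so that anyone triaging upgrades from this file can see it. The same hunk also adds a whitespace-only line after the 6105 entry, between "chunked content" and 6106, which should be dropped.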
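Review bot: in the @@ -16,24 +55,26 @@ hunk, and again in @@ -140,11 +194,13 @@, re-wrapping entries 6072 and 6102 leaves the CVE identifier alone on a continuation line, so a line-based search for CVE-2021-28165 or CVE-2021-28163 no longer returns the issue number it belongs to, while 6101 still keeps "Resolves CVE-2021-28164" on one line. Break before "- Resolves" instead, so the marker and the identifier stay together, or leave these two lines unwrapped. The 6020, 6026 and 6076 pairs read the same on the "-" and "+" sides, so they look like whitespace-only changes; confirm that is intended.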
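Review bot: in the @@ -133,6 +174,19 @@ hunk, the new jetty-9.4.41.v20210516 section sits directly above jetty-9.4.39.v20210325 with no jetty-9.4.40 section between them. If a 9.4.40 release exists, add its section here as well so that the 9.4.x history in this file has no gap; the commit message only mentions adding 9.4.41.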
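Review bot: the @@ -172,8 +228,8 @@ hunk only re-wraps entry 5310 in the already released jetty-9.4.36.v20210114 section, which the commit message does not mention. Either drop the reflow from this commit or note it in the message, so that the history of released sections shows formatting changes as such.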